{{>toc}}

h1. LetsEncrypt

h2. Liens

* https://letsencrypt.org/

** https://letsencrypt.readthedocs.org/en/latest/

** https://github.com/letsencrypt/letsencrypt

* http://www.silicon.fr/https-ovh-rapproche-lets-encrypt-134437.html

* https://www.ekito.fr/people/lets-encrypt-installation-et-renouvellement-automatique-des-certificats/

* https://blog.imirhil.fr/2015/12/12/letsencrypt-joie-deception.html

* https://github.com/diafygi/acme-tiny

* http://www.ossir.org/resist/supports/cr/2015/2015-12-15/2015-12-15-LetsEncrypt.pdf

* https://www.metachris.com/2015/12/comparison-of-10-acme-lets-encrypt-clients/

* http://www.nextinpact.com/news/97864-lets-encrypt-gandi-infomaniak-et-ovh-vont-integrer-certificats-a-leurs-offres.htm

h2. Configuration avec acme-client

https://kristaps.bsd.lv/acme-client/ client C orienté sécu développé par Kristaps Dzonsons

h3. installation sur wheezy

Dépendances: 

 * libbsd (@apt-get install libbsd-dev@)

 * libressl

 <pre>

 $ git clone https://github.com/libressl-portable/portable.git libressl

 $ cd libressl

 $ ./autogen.sh

 $ ./configure --prefix=/usr/local

 $ make

 $ sudo make install

 </pre>

acme-client:

<pre>

 $ git clone https://github.com/kristapsdz/acme-client-portable

 $ cd acme-client-portable

</pre>

Appliquer ce patch pour que l'exécutable trouve libressl dans @/usr/local@:

<pre>

diff --git a/GNUmakefile b/GNUmakefile

index 9b0ed80..3c89b4f 100644

--- a/GNUmakefile

+++ b/GNUmakefile

@@ -43,7 +43,7 @@ CFLAGS        += -DMUSL_LIBC

 endif

 CFLAGS += -I/usr/local/include/libressl

-LDFLAGS += -L/usr/local/lib

+LDFLAGS += -L/usr/local/lib -Wl,-rpath /usr/local/lib

 OBJS   += util-portable.o

 # Do we have libseccomp installed?

</pre>

Puis continuer:

<pre>

$ make

$ sudo make install

</pre>